Exporting SharePoint User Permissions Report using PnP PowerShell

Managing SharePoint permissions is crucial for security and compliance. Using PnP PowerShell, you can export a detailed user permissions report for SharePoint Online, helping administrators track user access.

Key Topics Covered:

✔️ Listing user permissions for a SharePoint site
✔️ Exporting permissions to a CSV file
✔️ Checking permissions for all site collections
✔️ Troubleshooting common errors


Prerequisites

Before running any PowerShell commands, ensure you have:

  • PnP PowerShell installed
  • Global Admin or SharePoint Admin rights
  • The URL of the SharePoint site


Step 1: Install and Import PnP PowerShell

If you haven’t installed PnP PowerShell, install it first:

Install-Module -Name PnP.PowerShell -Scope CurrentUser -AllowClobber -Force

Then, import the module:

Import-Module PnP.PowerShell

PnP PowerShell is ready!


Step 2: Connect to SharePoint Online

Use the following command to connect to your SharePoint site:

Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive

Replace "yourtenant" with your SharePoint tenant name.
Replace "yoursite" with your actual site name.

Connected successfully!


Step 3: Retrieve User Permissions for a Site

To list all user permissions on a SharePoint site:

# Define site URL
$siteUrl = "https://yourtenant.sharepoint.com/sites/yoursite"

# Get all site groups
$groups = Get-PnPGroup

# Loop through each group and list users
# (Get-PnPGroupMember is the current name of the older Get-PnPGroupMembers cmdlet)
foreach ($group in $groups) {
    $users = Get-PnPGroupMember -Group $group.Title
    foreach ($user in $users) {
        Write-Host "$($user.Email) is a member of $($group.Title)"
    }
}

This displays every user together with the SharePoint group they belong to. Access granted to a user directly, outside any group, does not appear in this listing.


Step 4: Export User Permissions to a CSV File

To save permissions as a CSV file:

# Define site URL
$siteUrl = "https://yourtenant.sharepoint.com/sites/yoursite"

# Get all site groups
$groups = Get-PnPGroup
$permissionsList = @()

# Loop through each group and retrieve users
foreach ($group in $groups) {
    $users = Get-PnPGroupMember -Group $group.Title
    foreach ($user in $users) {
        # One row per user/group pair
        $permissionsList += [PSCustomObject]@{
            UserEmail = $user.Email
            UserName  = $user.Title
            GroupName = $group.Title
            SiteURL   = $siteUrl
        }
    }
}

# Export data to CSV
$permissionsList | Export-Csv -Path "C:\SharePointPermissionsReport.csv" -NoTypeInformation

Write-Host "Permissions report exported successfully!"

Replace "C:\SharePointPermissionsReport.csv" with your desired file path. The report lists who has access to what, so choose a folder that only administrators can read.

User permissions report is now saved as a CSV!


Step 5: Retrieve Permissions for All Site Collections

To get permissions for all SharePoint Online site collections:

# Get-PnPTenantSite requires a connection to the SharePoint admin center
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -Interactive

# Get all SharePoint Online site collections
$sites = Get-PnPTenantSite

# Define an array for storing permissions
$permissionsList = @()

# Loop through each site collection
foreach ($site in $sites) {
    # Switch the connection to the site being inspected
    Connect-PnPOnline -Url $site.Url -Interactive
    $groups = Get-PnPGroup

    foreach ($group in $groups) {
        $users = Get-PnPGroupMember -Group $group.Title
        foreach ($user in $users) {
            $permissionsList += [PSCustomObject]@{
                UserEmail = $user.Email
                UserName  = $user.Title
                GroupName = $group.Title
                SiteURL   = $site.Url
            }
        }
    }
}

# Export permissions to CSV
$permissionsList | Export-Csv -Path "C:\AllSitesPermissionsReport.csv" -NoTypeInformation

Write-Host "All site collections permissions report exported!"

This script will fetch permissions from all sites and save them to a CSV file.

Complete site collection permissions report generated!


Step 6: Checking Individual User Permissions

To check the permissions of a specific user:

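# Define user email
$userEmail = "user@yourdomain.com"

# Look up the user's entry on the connected site
# (Get-PnPUser lists the site's users; filter on the Email property)
$permissions = Get-PnPUser | Where-Object { $_.Email -eq $userEmail }
$permissions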

Replace "user@yourdomain.com" with the actual user’s email.

User’s permission details retrieved!


Step 7: Automate the Report Generation

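To schedule this report generation, use Task Scheduler. A scheduled run has nobody present to complete the -Interactive sign-in, so the script it starts must connect non-interactively, for example with an app registration and certificate (Connect-PnPOnline -ClientId, -Tenant and -Thumbprint).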

  1. Open Task Scheduler → Click Create Basic Task
  2. Set trigger (e.g., daily, weekly)
  3. Set action → Select Start a Program
  4. Enter:
    • Program/script: powershell.exe
    • Arguments: -File "C:\Scripts\ExportSharePointPermissions.ps1"
  5. Click Finish

Automated permission reports!
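
Once the report is produced on a schedule, two consecutive CSV files can be compared to see which access was granted or removed between runs. The script below is an added example, not part of the original tutorial: the function name Compare-PermissionReport, the ReviewFirst column and all sample rows are assumptions made for illustration, and it expects the column layout written by the exports in Steps 4 and 5.

```powershell
# Added example. All rows below are constructed sample data, not real report output.
function Compare-PermissionReport {
    param(
        [Parameter(Mandatory)] [object[]] $Previous,   # rows from the older CSV
        [Parameter(Mandatory)] [object[]] $Current     # rows from the newer CSV
    )
    # One grant = site + group + principal. UserName is part of the key because
    # principals without a mailbox (e.g. security groups) have an empty UserEmail.
    $key = 'SiteURL', 'GroupName', 'UserEmail', 'UserName'

    Compare-Object -ReferenceObject $Previous -DifferenceObject $Current -Property $key |
        ForEach-Object {
            $added = $_.SideIndicator -eq '=>'   # '=>' means present only in $Current
            [PSCustomObject]@{
                Change      = if ($added) { 'Added' } else { 'Removed' }
                SiteURL     = $_.SiteURL
                GroupName   = $_.GroupName
                UserEmail   = $_.UserEmail
                UserName    = $_.UserName
                # Assumption: owner groups follow the default "<site> Owners" naming.
                ReviewFirst = ($added -and $_.GroupName -like '*Owners')
            }
        } |
        Sort-Object -Property @{ Expression = 'ReviewFirst'; Descending = $true }, SiteURL, GroupName
}

$previous = @'
UserEmail,UserName,GroupName,SiteURL
alice@yourdomain.com,Alice Example,Project Owners,https://yourtenant.sharepoint.com/sites/yoursite
bob@yourdomain.com,Bob Example,Project Members,https://yourtenant.sharepoint.com/sites/yoursite
carol@yourdomain.com,Carol Example,Project Visitors,https://yourtenant.sharepoint.com/sites/yoursite
'@ | ConvertFrom-Csv

$current = @'
UserEmail,UserName,GroupName,SiteURL
alice@yourdomain.com,Alice Example,Project Owners,https://yourtenant.sharepoint.com/sites/yoursite
bob@yourdomain.com,Bob Example,Project Members,https://yourtenant.sharepoint.com/sites/yoursite
bob@yourdomain.com,Bob Example,Project Owners,https://yourtenant.sharepoint.com/sites/yoursite
,Everyone except external users,Project Visitors,https://yourtenant.sharepoint.com/sites/yoursite
'@ | ConvertFrom-Csv

# With real data: $previous = Import-Csv <older report>; $current = Import-Csv <newer report>
Compare-PermissionReport -Previous $previous -Current $current | Format-Table -AutoSize
```

Rows marked ReviewFirst are additions to an owners group and are sorted to the top; unchanged rows are omitted from the output.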


Common Errors & Solutions

| Error | Cause | Solution |
|---|---|---|
| Access Denied | Insufficient permissions | Run as SharePoint Admin |
| Group not found | Incorrect group name | Verify group name using Get-PnPGroup |
| User not found | User doesn’t exist in site | Check user list with Get-PnPGroupMember |
| Path not found | Invalid file location | Ensure correct file path in Export-Csv |
